With 2. 5 billion users worldwide, Google’s YouTube is undoubtedly the most popular video platform on the planet. And not only between valid users. I recently reported how hackers were going after YouTube creators’ accounts as part of an ongoing credential theft attack. Now, according to a recently published security study, it seems that the risk has evolved and YouTube attackers distribute fake installers through trusted hosting facilities that stealthily evade detection and end up stealing sensitive browser data, adding user credentials. This is what you want to know.
Although the challenge of YouTube accounts being targeted by attackers is not new and YouTube itself has even brought in a new AI bot for affected account holders to regain their access, this latest study comes with a much bigger warning. harmful: YouTube’s 2. 5 billion users are at risk.
In the January 10 report, Trend Micro Incident Response Analyst Ryan Maglaque, Threat Analyst Jay Nebre, and Associate Security Analyst Allixon Kristoffer Francisco revealed how attackers are employing YouTube and other social media platforms. as components of their campaigns that offer download links to malicious content. fake software installers by taking credit for accepting as true that users position themselves on those sites to generate clicks that result in the installation of credential theft malware on their devices. Links to pirated videos or software are the key to these piracy attacks.
“Victims are lured into piracy through Americans posing as guides on video-sharing platforms such as YouTube,” the analysts explained. “These deceptive actors create the pretext of providing valid software installation tutorials to trick the audience into clicking on malicious links in video descriptions. feedback.
The report highlighted how an attacker lures victims with a YouTube video posing as a tutorial, in this case on how to get a free download of cracked Adobe Lightroom software. The first comment on the video includes a link which in turn opens another YouTube post containing the actual malicious link for downloading the fake installer. This link is located on a giant file hosting site valid “as another layer that makes it difficult to understand your additional download and evade detection,” according to the report.
These hacking attacks that start on YouTube are harmful because they use a number of strategies to remain stealthy and evade detection. These include, analysts said:
I have reached out to YouTube for a statement. In the meantime, I recommend checking out Google’s malware protection advice and, of course, not searching for ways to crack legitimate software and get it for free.
One Community. Many Voices. Create a free account to share your thoughts.
Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.
To do so, please comply with the posting regulations in our site’s terms of use. We summarize some of those key regulations below. In short, civilians.
Your post will be rejected if we notice that it seems to contain:
User accounts will be blocked if we notice or believe that users are engaged in:
So, how can you be a user?
Thank you for reading our Community Guidelines. Read the full list of publishing regulations discovered in our site’s terms of use.